CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2025-37971 – staging: bcm2835-camera: Initialise dev in v4l2_dev
https://notcve.org/view.php?id=CVE-2025-37971
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to vchiq_state") changed mmal_init to pass dev->v4l2_dev.dev to vchiq_mmal_init, however nothing iniitialised dev->v4l2_dev, so we got a NULL pointer dereference. Set dev->v4l2_dev.dev during bcm2835_mmal_probe. The device pointer could be passed into v4l2_device_register to set it, however that also has other effects that w... • https://git.kernel.org/stable/c/42a2f6664e18874302623f31edef545ef41e1d14 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-37970 – iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
https://notcve.org/view.php?id=CVE-2025-37970
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty. In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the devi... • https://git.kernel.org/stable/c/290a6ce11d938be52634b3ce1bbc6b78be4d23c1 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-37969 – iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
https://notcve.org/view.php?id=CVE-2025-37969
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty. In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in case pattern_len i... • https://git.kernel.org/stable/c/801a6e0af0c6cedca2e99155e343ad385a50f08e •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2025-37968 – iio: light: opt3001: fix deadlock due to concurrent flag access
https://notcve.org/view.php?id=CVE-2025-37968
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the flag is designed to prevent it, there are subtle cases where the flag could be true at the mutex_lock stage and false at the mutex_unlock stage. This results in the mutex not being unlocked, resulting in a deadlock. Fix it by making th... • https://git.kernel.org/stable/c/94a9b7b1809f56cfaa080e70ec49b6979563a237 •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2025-37967 – usb: typec: ucsi: displayport: Fix deadlock
https://notcve.org/view.php?id=CVE-2025-37967
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire i... • https://git.kernel.org/stable/c/af8622f6a585d8d82b11cd7987e082861fd0edd3 •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2025-37966 – riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL
https://notcve.org/view.php?id=CVE-2025-37966
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL When userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not available, the kernel crashes: Oops - illegal instruction [#1] [snip] epc : set_tagged_addr_ctrl+0x112/0x15a ra : set_tagged_addr_ctrl+0x74/0x15a epc : ffffffff80011ace ra : ffffffff80011a30 sp : ffffffc60039be10 [snip] status: 0000000200000120 badaddr: 0000000010a79073 cause: 0000000000000002 set_tagged_addr_ctrl+0x... • https://git.kernel.org/stable/c/09d6775f503b393d0457c7126aa43208e1724004 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2025-37965 – drm/amd/display: Fix invalid context error in dml helper
https://notcve.org/view.php?id=CVE-2025-37965
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix invalid context error in dml helper [Why] "BUG: sleeping function called from invalid context" error. after: "drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()" The populate_dml_plane_cfg_from_plane_state() uses the GFP_KERNEL flag for memory allocation, which shouldn't be used in atomic contexts. The allocation is needed only for using another helper function get_scaler_data_for_plane(). [How] Modify hel... • https://git.kernel.org/stable/c/74d6fba60f05ca6b298702233b6e6cc7629eeb5a •
CVSS: 7.1EPSS: %CPEs: 7EXPL: 0CVE-2025-37964 – x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
https://notcve.org/view.php?id=CVE-2025-37964
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped tl;dr: There is a window in the mm switching code where the new CR3 is set and the CPU should be getting TLB flushes for the new mm. But should_flush_tlb() has a bug and suppresses the flush. Fix it by widening the window where should_flush_tlb() sends an IPI. Long Version: === History === There were a few things leading up to this. First, updating mm_cpumask() was obse... • https://git.kernel.org/stable/c/848b5815177582de0e1d0118725378e0fbadca20 •
CVSS: 7.2EPSS: %CPEs: 5EXPL: 0CVE-2025-37963 – arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
https://notcve.org/view.php?id=CVE-2025-37963
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigate cBPF programs that were loaded by an unprivileged user. Privileged users can also load the same program via eBPF, making the mitigation pointless. In the Linux kernel, the following vulnerability has been resol... • https://git.kernel.org/stable/c/6e52d043f7dbf1839a24a3fab2b12b0d3839de7a •
CVSS: 7.8EPSS: %CPEs: 6EXPL: 0CVE-2025-37962 – ksmbd: fix memory leak in parse_lease_state()
https://notcve.org/view.php?id=CVE-2025-37962
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state() The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocated lease_ctx_info structure. This patch fixes the issue by adding kfree(lreq) before returning NULL in both boundary check cases. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix me... • https://git.kernel.org/stable/c/629dd37acc336ad778979361c351e782053ea284 •